IG 3.7.3: Display chosen Entitlement Value in Request Approval

Hi everyone,

we have created a permission with three entitlements of which to choose from. These are automatically available from a select component in the default form.

The approver, however, cannot see this choice and would therefore not know what he would approve.

We tried to solve it by creating a custom formset, but it seems to not be possible to assign that to a permission which has entitlements behind it.

It is assignable on permission relationship level as well as entitlement level, but that does not seem to do anything, it still cannot be used.

Our question is now, is it somehow possible to either configure the request approval view, like with the Review Display Customization, or to somehow attaching a custom form set to this role without fiddling with the database?

We are using IG 3.7.3, the database behind it is Oracle 19c.

Thank you!

Best regards,

Bernhard

  • 0  

    Note that custom forms and workflows are available in version 4.  In version 3 they are a pre-release preview, so be careful of tyring to use those just yet.    I don't think that you can customize what is viewable in the out-of-box approval interface, so I do think a custom form for approval (and request?) is the way to go.  In the form you will likely need to query the request object in the backend to identify which option was chosen, and add that to the flow, then display that to the approver.   

    Do you have the fulfillment side working - I assume you are using IDM / entitlements to fulfill.  After approval does it grant the fulfillment correctly (even though the approval can't see the choice yet)?

    --Jim

  • 0   in reply to   

    Hi Jim,


    Thanks for your feedback!


    I'll stand in for my colleague here who started the discussion...


    Yes, fulfilment works fine via the IDM AE Permission Collector, so no issues there. The problem really is that we use 100% OOTB functionality (no custom forms/workflows/fulfillment/collection configs etc) to collect IDM permissions (based on dynamic entitlement values bound to a resource) as described, so that they can be requested via the default request form. But then the entitlement value selected during the request does not show up during approval, only the resource and application. This, in my humble opinion, makes it impossible for an approver to make a proper decision on whether to approve or reject a request from a business and compliance perspective.

    The proposed attempt to use custom forms for request/approval would only be a workaround. And as I recall from the release notes, only the workflow engine was declared preview in the 3.7.3 off-cloud release (we learned that the hard way). But again, our intention is to use as much OOTB functionality as possible and stay away from any custom forms/workflows where possible (which is also recommended in the documentation/release notes, I think).

    For this reason, a configuration for the information displayed during approval, similar to the "Review Display Customisation" option, would be very helpful.

    Best regards,
    Philipp

  • 0   in reply to   

    I totally agree with you.   Leveraging the out-of-box capability is ideal.   If the 4.2 on-prem release doesn't do this for you, add it to the idea exchange, and I'll vote for it!

    --Jim

  • Verified Answer

    +1   in reply to   

    Hello,

    1) The current implementation (including 4.2) will not show the dynamic values (Entitlement Value or Resource Request Parameters) on the Approval.  

    2) It is not possible to customize a Permission Approval Form to display this information

    3) I have created an Enhancement Request to look to add this kind of functionality in an upcoming release


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0   in reply to   

    Hi Steve,


    Really appreciate your feedback!


    This will be a very useful feature for existing IDM customers who use OOTB and custom entitlements throughout their IDM solutions to further improve IG<>IDM integration.


    So hopefully we will see this feature make its way into the product in the near future.

    Thanks!


    Kind regards,
    Philipp